Paper 2016/1007

A survey of attacks on Ethereum smart contracts

Nicola Atzei, Massimo Bartoletti, and Tiziana Cimoli


Smart contracts are computer programs that can be correctly executed by a network of mutually distrusting nodes, without the need of an external trusted authority. Since smart contracts handle and transfer assets of considerable value, besides their correct execution it is also crucial that their implementation is secure against attacks which aim at stealing or tampering the assets. We study this problem in Ethereum, the most well-known and used framework for smart contracts so far. We analyse the security vulnerabilities of Ethereum smart contracts, providing a taxonomy of common programming pitfalls which may lead to vulnerabilities. We show a series of attacks which exploit these vulnerabilities, allowing an adversary to steal money or cause other damage.

Note: Updated attacks to version 0.4.2 of the Solidity compiler.

Available format(s)
Publication info
Preprint. MINOR revision.
smart contractsblockchaincryptocurrencies
Contact author(s)
bart @ unica it
2016-12-14: revised
2016-10-26: received
See all versions
Short URL
Creative Commons Attribution


      author = {Nicola Atzei and Massimo Bartoletti and Tiziana Cimoli},
      title = {A survey of attacks on Ethereum smart contracts},
      howpublished = {Cryptology ePrint Archive, Paper 2016/1007},
      year = {2016},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.